CORS setting done via DSP admin console: select * from "cors_config" where enabled = 1 not working when using postgresql as system database


#1

Hi
I’m currently using bitnami dreamfactory 2.3.0-4. I have setup CORS setting as below :slight_smile:

  Origin required 
   *  
  Paths 
   *
  Headers 
   *
  Max Age 
   0
  All methods selected

I created an app in DSP instance and a API key is generated.

Now when I am trying to register a user using http://mydspinstance.com:8080/api/v2/user/register?login=false with X-DreamFactory-Api-Key header set to API key created by dsp, I am getting the below error:

XMLHttpRequest cannot load http://mydspinstance.com:8080/api/v2/user/register?login=false

Request header field X-DreamFactory-Api-Key is not allowed by Access-Control-Allow-Headers 
in preflight response.

The webserver used is nginx if that matters. I am hosting this dsp instance on my VPS via bitnami dreamfactory installer.

BUT when I tested with Advanced REST Client the request completed successfully creating the user.
I think that is because Advanced REST Client make requests on sockets by default, instead on XHR

Can someone provide any clues?? Does it has something to do with interfacing between dreamfactory and postgresql ?

Here my dreamfactory and postgresql logs(I am using postgresql as the default system dbms for dreamfactory):
dreamfactory.log
postgresql.log


#2

It seems a bug/issue in dreamfactory 2.3.0-4 or laravel that CORS setting are not being persisted when using postgresql as the system/default database. Maybe an issue with field type mismatch.

I am using dreamfactory bitnami installer, and I used mysql as default database and it worked without any issue. There seems to be an issue with database fields when using postgresql as system database.

Can someone throw light on this ?


#3

Looking at logs and some fiddling, I came to know that before receiveing a request, dreamfactory instance queries its system database(which in my case is postgresql 9.5.x) using the below SQL query :
select * from "cors_config" where enabled = 1

There is a table named “cors_config” created by dreamfactory setup, in which cors entries are stored for that particular dreamfactory instance.

There is a column/field in this table named ‘enabled’ of boolean type with default value true. When a admin user creates a cors entry through admin console, that entry is stored as a record in cors_config table.

The only way to query a boolean field in postgresql is :
select * from "cors_config" where enabled = '1'; or
select * from "cors_config" where enabled = true;
OR
select * from "cors_config" where enabled = 1::BOOLEAN;
OR
select * from "cors_config" where enabled = CAST( 1 AS BOOLEAN );

Rest all query including the one that dreamfactory instance makes, will fail.

AND when ths query fails, the instance interpretes that cors setting are not enabled, and thus deny headers.

NOW my question is is there is a way to modify this sql query made by DSP instance ?
select * from "cors_config" where enabled = 1
This query should be (in case of postgresql):
select * from "cors_config" where enabled = '1'; or
select * from "cors_config" where enabled = true; or
select * from "cors_config" where enabled = 1::BOOLEAN; or
select * from "cors_config" where enabled = CAST( 1 AS BOOLEAN );

It is to be noted that dreamfactory instance is persisting cors entry to postgresql database, I have checked it. So the issue is with this query only.

Please suggest some way as I am quiet new to PHP ecosystem.

Thanks


#4

This is a bug in Dreamfactory 2.3.0-4. I filed a bug report here.


#5

Thanks @abhinavg for keeping this thread updated and filing a bug!

  • @AlexBowen